diff --git a/Feature.Manager.Api/Configs/CorsConfig.cs b/Feature.Manager.Api/Configs/CorsConfig.cs new file mode 100644 index 0000000..ee280b3 --- /dev/null +++ b/Feature.Manager.Api/Configs/CorsConfig.cs @@ -0,0 +1,12 @@ +using System.Collections.Generic; + +namespace Feature.Manager.Api.Configs +{ + public class CorsConfig + { + public IEnumerable Origins { set; get; } + public IEnumerable Headers { set; get; } + public bool AllowCredentials { set; get; } + public string PolicyToUse { set; get; } + } +} diff --git a/Feature.Manager.Api/Startup.cs b/Feature.Manager.Api/Startup.cs index 44e7dac..57e3146 100644 --- a/Feature.Manager.Api/Startup.cs +++ b/Feature.Manager.Api/Startup.cs @@ -1,10 +1,12 @@ using System.Text.Json.Serialization; +using Feature.Manager.Api.Configs; using Feature.Manager.Api.StartupExtensions; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using Microsoft.Extensions.Options; namespace Feature.Manager.Api { @@ -30,15 +32,17 @@ public void ConfigureServices(IServiceCollection services) }); services.ConfigureSwagger(); services.RegisterWorker(); + services.SetupCors(Configuration.GetSection("CorsConfig").Get()); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. - public void Configure(IApplicationBuilder app, IWebHostEnvironment env) + public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptions corsConfig) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } + app.UseCorsPolicy(corsConfig.Value); app.UseRouting(); app.UseAuthorization(); app.AddSwaggerWithUi(); diff --git a/Feature.Manager.Api/StartupExtensions/Configuration.cs b/Feature.Manager.Api/StartupExtensions/Configuration.cs index 5e685c1..d1f71d0 100644 --- a/Feature.Manager.Api/StartupExtensions/Configuration.cs 
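Review bot: `PolicyToUse` in CorsConfig.cs is a free-form string with no documentation of the values it accepts, although Cors.cs in this same commit registers exactly two policies, "development" and "production". A doc comment on the property would put the security consequence next to the setting, for example `/// Name of the registered CORS policy to apply: "development" allows any origin, header and method; "production" restricts origins to Origins.` A similar one-line comment on `AllowCredentials` noting that it only affects the "production" policy would match what Cors.cs does with it.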
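Review bot: In Startup.cs, `app.UseCorsPolicy(corsConfig.Value);` is registered before `app.UseRouting();`, whereas the ASP.NET Core guidance is to call UseCors after UseRouting and before UseAuthorization so the CORS middleware can see the selected endpoint; placed first, any per-endpoint `[EnableCors]`/`[DisableCors]` metadata would not be honoured. Moving the line between `app.UseRouting();` and `app.UseAuthorization();` fixes the order. Separately, `Configuration.GetSection("CorsConfig").Get()` in ConfigureServices returns null when the section is absent, and that null is only dereferenced later, inside the "production" policy lambda in Cors.cs; appending a guard such as `?? throw new InvalidOperationException("CorsConfig section is missing")` would fail at startup instead. ConfigureServices begins above this hunk, and the generic argument of `Get()` appears to have been stripped by the page.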
+++ b/Feature.Manager.Api/StartupExtensions/Configuration.cs
@@ -9,6 +9,7 @@ public static class Configuration
 public static void AddConfiguration(this IServiceCollection services, IConfiguration configuration)
 {
 services.Configure(configuration.GetSection("DatabaseConfig"));
+ services.Configure(configuration.GetSection("CorsConfig"));
 }
 }
 }
diff --git a/Feature.Manager.Api/StartupExtensions/Cors.cs b/Feature.Manager.Api/StartupExtensions/Cors.cs
new file mode 100644
index 0000000..03ee215
--- /dev/null
+++ b/Feature.Manager.Api/StartupExtensions/Cors.cs
@@ -0,0 +1,41 @@
+using System.Linq;
+using Feature.Manager.Api.Configs;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Feature.Manager.Api.StartupExtensions
+{
+ public static class Cors
+ {
+ public static void SetupCors(this IServiceCollection services, CorsConfig config)
+ {
+ services.AddCors(x =>
+ {
+ x.AddPolicy("development", builder =>
+ {
+ builder
+ .AllowAnyOrigin()
+ .AllowAnyHeader()
+ .AllowAnyMethod();
+ });
+ x.AddPolicy("production", builder =>
+ {
+ builder.WithOrigins(config.Origins.ToArray())
+ .WithMethods(config.Headers.ToArray())
+ .AllowAnyMethod();
+ if (!config.AllowCredentials)
+ {
+ builder.DisallowCredentials();
+ return;
+ }
+ builder.AllowCredentials();
+ });
+ });
+ }
+
+ public static void UseCorsPolicy(this IApplicationBuilder app, CorsConfig config)
+ {
+ app.UseCors(config.PolicyToUse);
+ }
+ }
+}
diff --git a/Feature.Manager.Api/appsettings.json b/Feature.Manager.Api/appsettings.json
index 5cc2a42..55b66bb 100644
--- a/Feature.Manager.Api/appsettings.json
+++ b/Feature.Manager.Api/appsettings.json
@@ -23,5 +23,11 @@
 "Database": "monitoring"
 }
 },
- "AllowedHosts": "*"
+ "AllowedHosts": "*",
+ "CorsConfig": {
+ "Origins": ["*"],
+ "Headers": ["x-client-version"],
+ "AllowCredentials": false,
+ "PolicyToUse": "development"
+ }
 }
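Review bot: In the "production" policy of Cors.cs, `.WithMethods(config.Headers.ToArray())` passes the configured request headers as HTTP methods, and the `.AllowAnyMethod()` that follows replaces that list, so the `Headers` setting never reaches the policy and a cross-origin request carrying a configured header (such as `x-client-version` from appsettings.json) would likely be refused at preflight. The line should read `.WithHeaders(config.Headers.ToArray())`. `config`, `config.Origins` and `config.Headers` are also dereferenced without a null check, so a missing or partial CorsConfig section surfaces as a NullReferenceException when the policy is built rather than as a configuration error. `UseCorsPolicy` hands `config.PolicyToUse` straight to `UseCors`; checking it against the two registered names at startup would turn a typo into an immediate failure instead of a policy that, as far as I can tell, is only found missing at request time.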
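Review bot: The base appsettings.json sets `"PolicyToUse": "development"`, and that is the policy Cors.cs registers with AllowAnyOrigin, AllowAnyHeader and AllowAnyMethod; because the base file is loaded in every environment, a deployment that does not override this key runs with the permissive policy. Defaulting the base file to `"PolicyToUse": "production"` with an explicit origin list, and moving the "development" value to an environment-specific file such as appsettings.Development.json, makes the restrictive policy the fallback. `"Origins": ["*"]` has the same effect if the production policy is selected without replacing it.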